package com.cloud.springbootcloud.config;

/**
 * @package: com.example.springbootcloud
 * @ClassName: WebSecurityConfig
 * @author: 狗熊唯爱真言
 * @date : 2022/3/23 18:00
 * @date : 2022-03-23 18:00
 **/

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 安全认证配置类
 */
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 加这句是为了访问 eureka 控制台和 /actuator 时能做安全控制
        super.configure(http);
        // 忽略 /eureka/** 的所有请求
        http.csrf().ignoringAntMatchers("/eureka/**");
    }
/*    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 注意，如果直接 disable 的话会把安全验证也禁用掉
        http.csrf().disable().authorizeRequests().anyRequest().authenticated().and().httpBasic();
    }*/
}
